GB2397676A - Privacy enhanced system using fact assertion language - Google Patents

Privacy enhanced system using fact assertion language

Info

Publication number
GB2397676A
GB2397676A
Authority
GB
United Kingdom
Prior art keywords
customer
card
cardholder
response
assertion
Prior art date
Legal status
Withdrawn
Application number
GB0301539A
Other versions
GB0301539D0 (en)
Inventor
Martin Koistinen
Current Assignee
SEMA UK Ltd
Atos Origin IT Services UK Ltd
Original Assignee
SEMA UK Ltd
Atos Origin IT Services UK Ltd
Priority date
Filing date
Publication date
Application filed by SEMA UK Ltd, Atos Origin IT Services UK Ltd
Priority to GB0301539A
Publication of GB0301539D0
Priority to PCT/EP2004/050041 (WO2004070670A1)
Publication of GB2397676A
Current legal status: Withdrawn


Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F 7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F 7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F 7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F 7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F 21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q 20/00 Payment architectures, schemes or protocols
    • G06Q 20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q 20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q 20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q 20/00 Payment architectures, schemes or protocols
    • G06Q 20/38 Payment protocols; Details thereof
    • G06Q 20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q 20/401 Transaction verification
    • G06Q 20/4014 Identity check for transactions

Abstract

Privacy enhanced method for a customer to communicate personal data to an organization he has access to, comprising the steps of:
- receiving a request for personal information from a requesting entity belonging to said organization, such a request being presented in the form of an assertion admitting a response of the type "true" or "false";
- providing to the requesting entity the response to such an assertion, such a response being transferred under the control of the customer.

In a preferred embodiment a customer presents a smart card containing personal information to a card terminal, which enquires whether the customer is at least 21 years old. The enquiry may be displayed. The cardholder then approves the assertion by entering the correct PIN on the card. A processor on the card decrypts the relevant personal file on the card and compares it to the request, to return either a true or a false response.

Description

PRIVACY ENHANCED SYSTEM AND METHOD COMPRISING FACT ASSERTION QUERY LANGUAGE
The present invention relates to a privacy enhanced system and method comprising a fact assertion query language.
Nowadays transactions between organizations and customers in which customers are obliged to identify themselves, and in which personal data are collected, are developing constantly. This can be the subject of considerable abuse.
For example, a customer who opens his purse or wallet, will find, somewhere in there, several forms of identification cards. Some of these were probably issued by some forms of authority such as government, employer or perhaps school.
It is likely that he also carries other "identification cards" from retailers in his area. These cards are often described as "loyalty cards", and he carries them because his retailer provides him with additional savings or points towards other benefits if he presents it every time he makes a purchase.
Some of the more successful loyalty card programs involve more than one retailer. For example, the card would be accepted, and earn benefits for him, at his grocer, his favorite gasoline station, his favorite airline and perhaps a few of the specialty retailers that he frequents. For a consumer, this provides ample opportunity to amass greater savings or points towards the benefits the card offers.
However, loyalty card programs have really only one purpose: to collect and correlate information about customers; their spending habits, their brand preferences, their reaction to promotions, etc. This provides valuable marketing information for the retailers involved and, to a great extent, it helps them tailor their products and services to serve customers better.
Unfortunately, while the collection and analysis of such personal data by an organization (private or public) can be of great public benefit, it can also present some drawbacks in particular when links are made across organizations.
Privacy-aware consumers shy away from these programs, and for good reason. Armed with his personal details, any of the involved retailers could match a customer identity to credit agencies, public records, and more. Some of these retailers will also gain additional revenue by selling or renting customer personal details to other private organizations. Before too long, such a customer will find a tremendous amount of unsolicited offers in his mailbox and unsolicited salespeople calling him at suppertime. If he is an internet-enabled consumer, it won't be too long before his web browsing habits are also being collected against his profile, and the content of spam and browser pop-up ads will start to reflect someone else's idea of who he really is.
Presented with these concerns, it is no wonder many people would object to any form of identification card. Without the proper care, a ubiquitous identity card could compound the problem of widespread collection and correlation of the consumer's personal details.
On the other side, it is also beneficial for the public that each organization identifies its customers, for example for loyalty programs.
There is therefore a need for every organization to have access to personal information for specific legal reasons, but also for personal information not to be disseminated.
The present invention solves the above problems by providing a system or a method which allows every organization to verify some personal information of its customer, but which prevents such an organization from accessing, without any control, all the personal information of the customer.
The present invention is based on the fact that the organization has access mainly to the truth value of assertions, and that access to such information is controlled by the customer.
The invention will be further understood in connection with a detailed description of a practical example. Such an example does not limit the invention, which may have other forms of implementation.
In the embodiment described below, each customer is provided with an identification card which allows him to access various organizations (either public or private).
Such an identification card is equipped with an embedded cryptographic processor, i.e. it is a smart card. The cryptographic smart chip was built from the ground up to securely hold information. It also provides a sufficient amount of computer processing and memory for the proposed innovations.
The identification card stores, among other things, public and private keys. The cardholder will find these keys very useful in electronic transactions where he or she must prove his or her identity or electronically sign documents.
The card should be protected by the cardholder's personal identification number (PIN). This will allow a positive and culturally accepted means of approving operations on the card.
Some of the algorithms used to facilitate the functionality are already known. In particular, the application would use a cryptographic hash function at least in part.
Such an identification card stores personal information on the customer, such as his name, address and age. This card is to be presented for accessing various organizations (private or public), which need to access all or part of this personal information.
However, in order to prevent such personal data from being disseminated, the card will not reveal the exact and full personal data but mainly a response such as "true" or "false". Further, the cardholder will control every response to a query sent by a requesting entity by entering his PIN code.
For that purpose, the card and the requesting entity of the organization that asks for the personal data are equipped with an assertion application program.
The assertion application would allow specific assertions of fact to be made and their truth value returned. For example, a liquor retailer could require that the customer prove that he is of legal age to purchase alcohol. This application would allow a highly confident means of proving this assertion.
Since the application requires that the cardholder approve that the assertion takes place, the cardholder is in full control of their details.
Furthermore, the application does not allow for open-ended queries into the details of the cardholder. The facts are already known and exchanged by the parties. The fact is simply proven to a high degree of confidence by the application. Finally, the application only returns enough information to satisfy the legal requirements of those involved.
In the case of the liquor store owner, he does not need to know the customer's current age or date of birth, just that he meets the legal requirements for buying alcohol.
Sometimes it is important for an organization to know certain facts about the cardholder before he or she can become a member of, or interact with, the organization. For example, in order to buy alcoholic beverages from a retailer, the customer is typically asked to prove that he or she is of the legal age. The retailer doesn't need to know the customer's actual age, just that they are at least the minimum age.
The author proposes another application on the card that can help.
Once the retailer verifies that the card is authentic and that the individual is the proper holder of that card, the retailer might ask the cardholder to insert his or her card into the trusted card terminal for an age verification. The cardholder would insert his or her card and the terminal would display the assertion that the retailer needs verified. If the local legal age for alcohol purchase were 21 and the current date were the 20th of January 2003, the terminal might read:
The cardholder is at least age [21] as of [20-Jan-2003].
The cardholder would then approve the assertion by entering the correct PIN for the card. The Assertion Applet would then decrypt the appropriate record on the card, compare the official date of birth for this cardholder to the date provided (20-Jan-2003), compute whether the cardholder is at least the age provided, and return simply true or false to the card terminal, which would display the value for the retailer.
Note that this interaction does not reveal any more information about the cardholder than is necessary for the retailer to fulfill their legal requirements. In fact, this sort of innovation would even allow the retailer to maintain receipts showing that each purchase of alcohol was to a legally aged customer.
The author proposes that the Assertion Application can interact with a number of data records on the card, such as at least the cardholder's official name, official gender, official date of birth and official current residence.
Some example assertions might be:
To assert that the name the cardholder provided is their official name:
- The cardholder's first name is [Martin].
- The cardholder's surname is [Koistinen].
- The cardholder's full legal name is [Martin James Koistinen].
To assert that the cardholder is the proper gender to join a single-gender school:
- The cardholder is [Male].
To assert that a cardholder is of legal age to enter a night club:
- The cardholder is at least [21] years old as of [20-Jan-2003].
To verify that a cardholder is eligible for a child discount:
- The cardholder is not yet [12] years old as of [20-Jan-2003].
To assert that the cardholder is a legal resident of a tax or voting district:
- The cardholder is currently residing in the state of [England].
- The cardholder is currently residing in the county of [Berkshire].
- The cardholder is currently residing in the city of [Windsor].
Note that in each case, the single assertion is approved or denied. It would not be possible simply to ask for information about the cardholder. First of all, the cardholder must approve the assertion. Even then, if the assertion fails, no further information about the cardholder is revealed.
In general, the Assertion Application can be used to prove assertions that the cardholder declares of themselves. This means that the card only proves known facts. It does not reveal them. When a cardholder tries to buy alcohol, he or she is asserting that they are of the legal age. The application helps them prove it.
Since the card terminal can provide a receipt of the assertions and their answers, both parties have the ability to prove that only the right assertions were made, and that these were sufficient to allow or deny the membership or transaction. Imagine a case where a cardholder has gone to a job interview and the employer has asked to assert that he or she is at least the legal age to work, but the employer has instructed the card terminal to assert two facts:
- The cardholder is at least age [15] as of [20-Jan-2003].
- The cardholder is [male].
If it were inappropriate for the gender of the cardholder to be asserted for the position, the cardholder could firstly disallow the second assertion, then take a receipt of the assertion to the authorities as evidence of the employer's misconduct.
Additionally, the author proposes a variation of the application that would allow assertions to be made on certain emergency medical information. The application could be implemented so that, with proper authorization, emergency medical crews could make these assertions without requiring the possibly unconscious cardholder's PIN:
- The cardholder is known to be allergic to [penicillin].
- The cardholder is known to be a [hemophiliac].
Perhaps also with the proper authorization, more open-ended questions could be asked, such as: What is the cardholder's blood type? What medications is the cardholder currently prescribed to take? What is the contact information for the cardholder's current doctor?
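As an added illustration (not code from the patent or its applicant), the following Python model puts the pieces described above into one runnable form: the age-verification exchange between terminal and card, the example assertion sentences, the two-assertion interview session with its receipt, and the emergency-access variation. The template grammar, the PIN retry counter, the HMAC-based receipt and the HMAC token used as "proper authorization" are all assumptions of this example; the patent specifies none of them, and the sample cardholder data is constructed.

```python
import hashlib
import hmac
import re
from datetime import date, datetime

# Closed assertion grammar (assumed form). Every recognised sentence binds a value chosen by the
# terminal and yields only true/false; there is no template for "what is the cardholder's ...?".
TEMPLATES = [
    (re.compile(r"The cardholder's (first name|surname|full legal name) is \[(.+)\]\.$", re.I), "equals"),
    (re.compile(r"The cardholder is currently residing in the (state|county|city) of \[(.+)\]\.$", re.I), "equals"),
    (re.compile(r"The cardholder is \[(male|female)\]\.$", re.I), "gender"),
    (re.compile(r"The cardholder is at least (?:age )?\[(\d+)\](?: years old)? as of \[(.+)\]\.$", re.I), "at_least"),
    (re.compile(r"The cardholder is not yet \[(\d+)\] years old as of \[(.+)\]\.$", re.I), "not_yet"),
]
EMERGENCY_FACT = re.compile(r"The cardholder is known to be (?:allergic to |a )\[(.+)\]\.$", re.I)


def age_on(dob, as_of_text):
    """Completed years from dob to a '20-Jan-2003' style date (one less before the birthday)."""
    as_of = datetime.strptime(as_of_text, "%d-%b-%Y").date()
    return as_of.year - dob.year - ((as_of.month, as_of.day) < (dob.month, dob.day))


def authorize_emergency(key, sentence):
    """Token an emergency crew presents instead of the PIN (assumed scheme: HMAC over the sentence)."""
    return hmac.new(key, sentence.encode(), hashlib.sha256).hexdigest()


class AssertionApplet:
    """Card-resident logic: PIN-gated, answers only with a bool, rejects anything outside the grammar."""
    def __init__(self, pin, records, emergency, emergency_key):
        self._pin_hash = hashlib.sha256(pin.encode()).digest()  # toy PIN store (real cards use secure memory)
        self._records, self._emergency, self._emergency_key = records, emergency, emergency_key
        self.retries_left = 3  # lockout counter (assumption)

    def evaluate(self, sentence, pin):
        if self.retries_left == 0:
            raise PermissionError("card blocked")
        if not hmac.compare_digest(hashlib.sha256(pin.encode()).digest(), self._pin_hash):
            self.retries_left -= 1
            raise PermissionError("PIN incorrect")
        self.retries_left = 3
        for pattern, kind in TEMPLATES:
            m = pattern.match(sentence)
            if m:
                return self._decide(kind, m.groups())
        raise ValueError("not a recognised assertion")  # open-ended queries cannot be expressed

    def _decide(self, kind, args):
        r = self._records
        if kind == "equals":
            return r[args[0].lower()] == args[1]
        if kind == "gender":
            return r["gender"].lower() == args[0].lower()
        years = age_on(r["dob"], args[1])
        return years >= int(args[0]) if kind == "at_least" else years < int(args[0])

    def emergency_evaluate(self, sentence, authorization):
        """No PIN, but the crew's token must verify under the key the issuer provisioned on the card."""
        if not hmac.compare_digest(authorize_emergency(self._emergency_key, sentence), authorization):
            raise PermissionError("emergency authorisation invalid")
        m = EMERGENCY_FACT.match(sentence)
        if m:
            return m.group(1).lower() in self._emergency["conditions"]
        if sentence == "What is the cardholder's blood type?":
            return self._emergency["blood type"]  # open-ended: returns the value itself
        raise ValueError("not a recognised emergency query")


def outcome_for(card, sentence, pin):
    # What the terminal records: true/false, or a no-response marker that reveals nothing.
    try:
        return "true" if card.evaluate(sentence, pin) else "false"
    except (PermissionError, ValueError) as exc:
        return "no response (%s)" % exc


def run_session(card, sentences, cardholder, receipt_key):
    """Terminal side: show each assertion, let cardholder(sentence) approve it (returning the PIN) or
    decline it (returning None), then issue a MAC'd receipt of exactly what was asked and answered."""
    lines = []
    for sentence in sentences:
        pin = cardholder(sentence)
        outcome = "declined" if pin is None else outcome_for(card, sentence, pin)
        lines.append("%s => %s" % (sentence, outcome))
    body = "\n".join(lines)
    return lines, body + "\n" + hmac.new(receipt_key, body.encode(), hashlib.sha256).hexdigest()


def make_card(pin):
    """Constructed sample cardholder; the data is fictitious, not from the patent."""
    records = {"first name": "Ann", "surname": "Example", "full legal name": "Ann Mary Example",
               "gender": "Female", "dob": date(1975, 3, 14), "state": "England", "county": "Berkshire", "city": "Windsor"}
    return AssertionApplet(pin, records, {"conditions": {"penicillin"}, "blood type": "O+"}, b"issuer-medical-key")


def interview_demo():
    """The employer's two-assertion session from the text, plus a failing and an open-ended query."""
    cardholder = lambda s: None if "[male]" in s.lower() else "1234"  # declines the gender assertion
    lines, receipt = run_session(make_card("1234"), [
        "The cardholder is at least age [15] as of [20-Jan-2003].",
        "The cardholder is [male].",
        "The cardholder is not yet [12] years old as of [20-Jan-2003].",
        "What is the cardholder's date of birth?",
    ], cardholder, b"terminal-receipt-key")
    return lines
```

Three properties of the description are visible in the output of `interview_demo()`: the declined gender assertion appears on the receipt as "declined" (the line the cardholder would take to the authorities), a failed assertion yields only "false", and the open-ended date-of-birth question gets no response at all because the grammar has no template for it. The model also makes the trust boundary explicit: the card only ever sees the sentence the terminal sends, so the patent's requirement that the terminal be trusted to display that same sentence is what gives the cardholder's PIN approval its meaning.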

Claims (4)

1. Privacy enhanced method for a customer to communicate personal data to an organization he has access to, the method comprising the steps of: receiving a request for personal information from a requesting entity belonging to said organization, the request being presented in the form of an assertion admitting a response of the type "true" or "false"; and providing to the requesting entity a response to the assertion, the response being transferred under the control of the customer.
2. The method of claim 1, wherein said response is generated by a microprocessor embedded in a device belonging to said customer, said microprocessor calculating the truth value of the query based on customer personal data stored on the microprocessor.
3. The method of claim 2, wherein transfer of said response to the requesting entity requires that the customer communicates a password, such as a PIN code, to that device.
4. A system to implement the method of claims 1 to 3, wherein said customer has a smart card to communicate with a terminal of the requesting entity, said smart card storing personal data and an algorithm to operate on the query transmitted by the terminal.

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB0301539A GB2397676A (en) 2003-01-23 2003-01-23 Privacy enhanced system using fact assertion language
PCT/EP2004/050041 WO2004070670A1 (en) 2003-01-23 2004-01-23 Privacy enhanced system and method comprising fact assertion query language

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0301539A GB2397676A (en) 2003-01-23 2003-01-23 Privacy enhanced system using fact assertion language

Publications (2)

Publication Number Publication Date
GB0301539D0 GB0301539D0 (en) 2003-02-26
GB2397676A true GB2397676A (en) 2004-07-28

Family

ID=9951654

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0301539A Withdrawn GB2397676A (en) 2003-01-23 2003-01-23 Privacy enhanced system using fact assertion language

Country Status (2)

Country Link
GB (1) GB2397676A (en)
WO (1) WO2004070670A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0810538A2 (en) * 1996-05-28 1997-12-03 Fujitsu Limited Management system for using IC card with registered personal information
EP0864996A2 (en) * 1997-03-13 1998-09-16 Hitachi, Ltd. Portable electronic device and method for personal identification

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5148481A (en) * 1989-10-06 1992-09-15 International Business Machines Corporation Transaction system security method and apparatus
US5048085A (en) * 1989-10-06 1991-09-10 International Business Machines Corporation Transaction system security method and apparatus
US5241599A (en) * 1991-10-02 1993-08-31 At&T Bell Laboratories Cryptographic protocol for secure communications
US5745571A (en) * 1992-03-30 1998-04-28 Telstra Corporation Limited Cryptographic communications method and system
US5943423A (en) * 1995-12-15 1999-08-24 Entegrity Solutions Corporation Smart token system for secure electronic transactions and identification
AUPP223998A0 (en) * 1998-03-10 1998-04-02 Lindley, Robyn A. Dr Mobile intelligent memory unit (mim)
DE19816541C2 (en) * 1998-04-15 2001-05-10 Orga Kartensysteme Gmbh Data exchange system
FR2780177B1 (en) * 1998-06-17 2001-10-05 Schlumberger Ind Sa SOFTWARE PROTECTION SYSTEM
US6829711B1 (en) * 1999-01-26 2004-12-07 International Business Machines Corporation Personal website for electronic commerce on a smart java card with multiple security check points
EP1035461A3 (en) * 1999-03-11 2004-04-14 BDC - EDV Consulting GmbH Terminal for secure data confirmation and corresponding method
US20020194499A1 (en) * 2001-06-15 2002-12-19 Audebert Yves Louis Gabriel Method, system and apparatus for a portable transaction device

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0810538A2 (en) * 1996-05-28 1997-12-03 Fujitsu Limited Management system for using IC card with registered personal information
EP0864996A2 (en) * 1997-03-13 1998-09-16 Hitachi, Ltd. Portable electronic device and method for personal identification

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
PAJ English language abstract for JP 2168371 A (Mitsubishi) 28.06.90 *

Also Published As

Publication number Publication date
GB0301539D0 (en) 2003-02-26
WO2004070670A1 (en) 2004-08-19

Similar Documents

Publication Publication Date Title
US7761384B2 (en) Strategy-driven methodology for reducing identity theft
KR101378504B1 (en) Privacy enhanced identity scheme using an un-linkable identifier
US7269737B2 (en) System and method for biometric authorization for financial transactions
Clodfelter Biometric technology in retailing: Will consumers accept fingerprint authentication?
US7997477B2 (en) System and method for biometric authorization for check cashing
US7647505B2 (en) Recording medium, recording medium reading/writing apparatus, and method of using recording medium
US6985887B1 (en) Apparatus and method for authenticated multi-user personal information database
US20070291995A1 (en) System, Method, and Apparatus for Preventing Identity Fraud Associated With Payment and Identity Cards
US11855973B2 (en) Systems and methods relating to digital identities
MX2007009329A (en) Secure transaction system.
US9508074B2 (en) Method for secure use of identification cards
US20080319801A1 (en) Warranted Retail Transaction
Ciesielski et al. Multiple-valued Boolean minimization based on graph coloring
WO2017209894A1 (en) Systems and methods for use in facilitating donation transactions
KR20060009311A (en) Smart card that stores invisible signatures
Nguyên National Identification Systems
GB2397676A (en) Privacy enhanced system using fact assertion language
Kennedy Thumbs up for biometric authentication
Gilmore et al. The future of online internet marketing: A solution to behavioral marketing using biometrics
US20160048839A1 (en) System and method for exclusion-based imposter screening
KR20110009377A (en) Method for fraud protection of credit card
Kang et al. Biometrics for hospitality and tourism: a new wave of information technology
GB2397678A (en) A secure terminal for use with a smart card based loyalty scheme
Groves Achieving cost reductions through biometrics
Scherer Biometrics: Past, present and future

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)